Scope of the "Post" method
Posted: Sun Jun 13, 2010 12:28 am
by twilightman
Ok imagine this
I have 3 files
File 1 is a html form which uses the post method
File 2 is a php script which processes file 1's form results
File 3 is called by file 2 using header("Location: File3.php");
Ok imagine if the user typed "chocolate" into one of the fields in the form
in file 2 the value "chocolate" can be accessed by referencing $_POST["food"]
File 2 calls file 3 and file 3 references $_POST["food"] but in file 3 $_POST["food"] is NULL
So I ask the question
How can I pass the value of "chocolate" to file 3 using $_POST["food"] in a secure way?
Re: Scope of the "Post" method
Posted: Sun Jun 13, 2010 2:08 am
by cpetercarter
Several possibilities:
- set a session variable "food" with the value "chocolate" in File2.php and read it in File3.php
- redirect to File3.php?food=chocolate and retrieve the value of $_GET['food'] in File3.php
- by far the best solution is not to use location headers in your programming at all. They are slow (as they involve an extra round trip between your server and the browser) and clumsy. It is much better to use constructions like:
if ($some_condition) {
    require "File3.php";
}
Incidentally, you should use the full uri (http://www.mysite.com/File3.php) in a location header, not a relative path like File3.php which may be misinterpreted by the browser.
Re: Scope of the "Post" method
Posted: Sun Jun 13, 2010 2:12 am
by requinix
I'd have to disagree that including is the best option. There are definite uses for redirection - especially after form submissions.
Should you want that, use sessions instead of POST. Dump everything into someplace in $_SESSION and then you can access it anyplace, anytime (after the form has been submitted, of course).
Re: Scope of the "Post" method
Posted: Sun Jun 13, 2010 12:52 pm
by cpetercarter
It is sometimes argued that a redirect following submission of $_POST data prevents the user from using the "back" button to resubmit the data (intentionally or otherwise). However, there are better ways of achieving this, such as including a one-time token as a hidden field in the form. The "location" header is intended for situations where a website or a page has moved, not for routine programming tasks. See this.
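The session approach and the one-time token mentioned in the posts above, combined in one flow, as an added example that is not part of any post in this thread. The function names, the `form_token` key and the input pattern are assumptions; the functions take the session array as a parameter so the flow runs from the command line.

```php
<?php
// Added example. Functions take the session array by reference so the flow
// can be run from the CLI; in a web request pass $_SESSION after session_start().

// Form page (File 1): issue a one-time token and embed it as a hidden field.
function issue_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

// Form handler (File 2): accept the POST only if the token matches, then
// store the validated value in the session for the page that follows.
function handle_post(array $post, array &$session): bool
{
    $expected = $session['form_token'] ?? '';
    unset($session['form_token']);              // single use: a replay finds no token
    $given = $post['token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return false;
    }
    $food = $post['food'] ?? '';
    if (!is_string($food) || !preg_match('/^[\p{L} \-]{1,40}$/u', $food)) {
        return false;                           // assumed rule: letters, spaces, hyphens only
    }
    $session['food'] = $food;
    // In File2.php a redirect would follow here:
    // header('Location: http://www.mysite.com/File3.php'); exit;
    return true;
}

// Result page (File 3): read the value once, clear it, escape it for HTML.
function read_food(array &$session): ?string
{
    $food = $session['food'] ?? null;
    unset($session['food']);
    return $food === null ? null : htmlspecialchars($food, ENT_QUOTES, 'UTF-8');
}

// Constructed demo input: one simulated session, one submission sent twice.
$session = [];
$post = ['food' => 'chocolate', 'token' => issue_token($session)];
var_dump(handle_post($post, $session));   // first submission
var_dump(read_food($session));            // value available after the redirect
var_dump(handle_post($post, $session));   // resubmission with the used token
```

Because the value is held server-side in the session, File 3 never has to trust a second copy of it coming back from the browser.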
Re: Scope of the "Post" method
Posted: Sun Jun 13, 2010 8:10 pm
by twilightman
I am going for option 1 "Use session variables"
When I took all things into account this is the BEST way
any other way just makes my code more complicated than it needs to be
Thanks all

Oh I forgot to mention it works fine